This was an issue earlier in the template building process based on this comment:
It seems to have been brought back with the new update of selinux-policy and selinux-policy-targeted.
For some reason, it changes the labels of qubes-related binaries so that qrexec can’t access the information it needs:
fedora-41-xfce audit[606]: AVC avc: denied { read } for pid=606 comm="qrexec-agent" name="meminfo-writer.pid" dev="tmpfs" ino=785 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
Temporarily fix:
- Set initial memory to
2048 - Start impacted standalone/template
- Reinstall all selinux related packages:
sudo dnf reinstall $(rpm -qa --qf "%{NAME}\n" | grep selinux | tr '\n' ' ') - Shutdown standalone/template
- Change initial memory back to
500 - Start standalone/template and check memory:
# Should display the maximum memory value in the Total column free -hm
This selinux issue will probably appear every time both selinux-policy and selinux-policy-targeted are updated. @marmarek Now that the Fedora 41 template is official, a lot of users will get this issue. Any idea how to fix this transparently?